I received an email from a friend’s email address. It said Hi and how are you but was misspelled, however since she is Korean she does that often.
When I opened this email it said this:
Hey
How is going now !
It is amazed.I got a great website,that guys sell electronics,the price is cheapest and quality is nice.Fast service to receive the products from them.
Then it gives the link to a website.
I instantly realized that my friend had been hacked/spam botted. I didn’t download any attachments or click on the link, my concern is only could I get something from just opening the email?
I am using Windows Vista 64bit on this computer with the Free Avast version. I scanned with Avast, Malwarebytes, Spybot S&D and Ad-Aware (not the current version that was just released, I heard it doesn’t work well so I used the one before it).
None of them found anything, I made sure they were updated, should I be worried? I checked for windows updates and didn’t find anything.
Whilst it is possible for malware to be run on opening an email (if there is an iframe tag that runs a remote script) it isn’t too common and avast is on the lookout for iframe tags in emails (normally seen on web pages not emails, though some use it to deliver adverts). So avast could offer limited protection in that regard.
So if you didn’t click on any links or open attachments, then you should be relatively safe, given that you have run multiple scans, more so. I wouldn’t give hard disk space to AdAware, the others OK, but Spybot S&D is also getting dated.
The email was in my gmail email though. I don’t know if Avast can scan that? Is there a way to check?
But, if Avast can find the problems then it should be fine right? I did the ‘Start Avast! Anti-Virus’ and let it run all the way through, and nothing popped.
I thought Noscript would block the iframes thing, but I just checked and that box wasn’t checked
I have checked it now. I do have Ad Block Plus as well. Plus I use Firefox. I am currently using Microsoft Windows Malicious Software Removal Tool as well just in case it picks something up. I also use Spybot Resident protection.
If Ad-Aware and Spybot are no good anymore, what is another good one that is compatible with Vista that I can use to back up Malwarebytes? From what I hear Win Defender is useless.
Sorry if it seems I am over reacting, I always do. It just really annoys me that I try so hard to be careful and something always seems to slip in. I never would have opened the thing in the first place if my friend didn’t speak broken english anyway
This is my gaming computer, so other than WoW & DDO I don’t think they could get much from me, but I still hate the idea of it.
nothing to worry if you opened it in a browser and clicked nothing. it would have been a problem if you had opened it in client like thunderbird or outlook express. you are safe now.
Gmail should also scan their email content, so lessens the risk.
Well S&D isn’t useless, but there are better IMHO, if you haven’t noticed my signature under all my posts is a clue as to another you can use.
SUPERantispyware On-Demand only in free version.
Don’t worry about reported tracking cookies they are a minor issue and not one of security, allow SAS to deal with them though. - See http://en.wikipedia.org/wiki/HTTP_cookie.
The email may not have even come from your friend as it is easy to fake the from email address. It could be a contact of hers, whose computer is infected and the emails in her address book get used to send spam to and also to use as the from email address. So it isn’t certain that your friends system is infected.
Thank you guys! I am still showing all clear, and in fact, it occured to me that the easiest way to check would be to just check and see if my email is sending out emails I didn’t send. It isn’t so I figure I must be good.
My friend emailed me back and said she had thought there might be a problem. I hope she gets her end fixed!
Checking to see if your email program is sending emails is of little worth. Trojan spambots don’t use the email program of the user but a very small SMTP program that is packed with the trojan.
This is where setting the avast Internet Mail provider to High sensitivity helps as that scan all SMTP traffic and can alert you to multiple identical emails in a time period. This could be the first indication of the presence of an undetected/hidden trojan spambot.
